Main navigation

Time for change: Elevating the role of the risk function

For the last decade, risk functions have spent considerable time and energy ensuring they are effective and compliant with regulatory change. Many have capitalised on the significant advances in technology to improve efficiency, but are still not yet realising a level of transformation that is possible. Mark Ward, Lead Partner for our Future of Risk and Compliance programme encourages Chief Risk Officers (CROs) to critically assess if they are fit for the future and consider:

What does transformation mean to you?

How can you deliver an effective transformation programme?

What does transformation mean for the CRO?

If we think about how risk functions work - even in agile environments - many still follow a traditional approach. CROs have begun programmes to enhance effectiveness and drive efficiencies through automation of existing processes and deployment of tech based point-solutions. But the real opportunity lies in embracing technology to automate and digitise operations and create a 24/7 real-time risk function that processes, reviews, checks and creates alerts. The result is faster decision making and better customer insights. Change of this nature will drive a new operating model and new ways of working – the impact of which could be truly transformational.

This level of change also challenges how risk functions interact with other business areas, such as finance and treasury. The potential to create a common set of streamlined, high quality data and analytics across these three decision-making and analysis functions may deliver smoother collaboration. Delivering an effective transformation along these lines should also enable the risk function to focus more on strategic decision support and real time risk management, enhancing the impact of the function and CRO at C-Suite and Board level.

Delivering an effective transformation programme

Having a vision for a future state operating model is the foundation of a successful transformation. But this is not easy in an environment that is constantly changing and in which the understanding of technology capabilities is still developing. We use our ‘Future of Risk and Compliance Evaluator’ tool with clients to help review risk functions, benchmark maturity against a series of attributes, and position what their future state could be. This provides the Risk function with an end state vision, from which they can develop an implementation plan. The plan gives CROs context and confidence that that each step of their transformation journey leads to the desired future state.

In practice, it makes sense to divide transformation into three horizons:

12 months: Carry out operations to remain effective in day to day deliverables, but also consider how these can help the transformation journey. For example, implementation of RPA or OCR can deliver cost savings which can be used to finance long term transformation as well as delivering immediate benefits to customers.

Two to three year plans: Embark on work-streams to deliver your vision. This is where most banks are increasing digitisation and use of cloud, use of extended enterprise models, or reconsidering spheres of accountability and pushing responsibility out to the first line.

Three to five year plans: Review progress. Reassess suitability of end state and deliver future state operating model and ways of working,

Transformation can be a significant venture. We have seen little appetite for full “soup to nuts” transformation programmes and, in practice, many banks are adopting an iterative approach or a ‘scout, experiment, scale’ framework to implementing change. For example, the bank may focus on a specific area of the risk function and explore new tools, such as smart voice analytics. They then experiment through proof of concept before deciding whether to scale up and roll out across the bank. This is a pragmatic approach that not only helps to build the business case for change, it helps to encourage stakeholder engagement and buy-in.

CRO: Agent of change

It is easy to get excited about the opportunities of new technology solutions, but engagement of people is critical and can determine the success or failure of the programme.

Traditionally risk professionals, may have been seen as expert but conservative and not necessarily early adopters of change. CROs will need to tackle concerns from their teams about how technological change will impact jobs and how their teams can keep up to date.

The CRO themselves needs to be the leader of change. They need to be able to articulate how transformation delivers benefits for the risk function, the bank and its customers. They will need to partner effectively; not only with finance and treasury, but also with the board, CEO and risk committee. The best CROs will also have the power to bridge the technical conversation they have and convert this to insights and direction that is equally understandable to others.

Future of Risk and Compliance:

Financial institutions are wrestling with relentless change. As speed of regulatory change slows, there are emerging risk and challenges from new market entrants, disruptive technology, the rise of the machines and artificial intelligence, our changing ways of working and the requirement to do more for less. To help navigate these challenges and seize the opportunity this change presents, we have developed a model for the future of risk and compliance that shines a light on what is possible. Whatever your current state and aspiration for your future, we can help you transform the way you manage risk and compliance to be fit for whatever the future holds.Contact Mark Ward as below for more information.

Mark D. Ward, Lead Partner, Future of Risk and Compliance

Mark has over 25 years’ experience in banking, insurance and asset management and primarily focuses on risk management, organisation restructuring and other strategic activities such as executive and management information requirements for risk control and business decision making.

Sign up for latest updates

Deloitte LLP is the United Kingdom affiliate of Deloitte NWE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”). DTTL and each of its member firms are legally separate and independent entities. DTTL and Deloitte NWE LLP do not provide services to clients. Please see About Deloitte to learn more about our global network of member firms.

Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 1 New Street Square, London EC4A 3HQ, United Kingdom.